Microsoft Patches 63 Vulnerabilities, 2 0-Days & 30 RCEs

September 14, 2022

As part of September’s monthly security rollup updates, Microsoft has patched 2 actively exploited zero-day vulnerabilities and 30 remote code execution (RCE) vulnerabilities.

Overall, Microsoft has patched 63 vulnerabilities across Windows, Windows Server, Office, Azure, Visual Studio, and other products.

The Zero-Day Vulnerabilities

  • CVE-2022-37969 (CVSS 3.1: 7.8, High Severity) – Windows Common Log File System Driver Elevation of Privilege Vulnerability – actively exploited.
    An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
  • CVE-2022-23960 (CVSS 3.1: 5.6, Medium Severity) – An Arm Cache Speculation Restriction Vulnerability that might allow an attacker to obtain sensitive information.

Microsoft also patched a number of Critical RCE vulnerabilities in Microsoft Dynamics (CVE-2022-35805, CVE-2022-34700), Windows IKE Extension (CVE-2022-34722, CVE-2022-34721), and Windows TCP/IP (CVE-2022-34718).

For the full patched vulnerabilities list, including the additional 25 RCEs, visit Microsoft September 2022 Security Updates.

Mitigation

CYREBRO recommends installing the latest available Microsoft security/monthly rollup updates on all relevant systems as soon as possible.

References: Microsoft Sep 2022 Security Updates.